[NCSG-NCUC-DISCUSS] [ncsg-policy] Proposed NCUC Comments on the WHOIS Review Team Discussion Paper

Konstantinos Komaitis k.komaitis at STRATH.AC.UK
Sun Jul 24 11:23:38 CEST 2011


From: Nuno Garcia <ngarcia at NGARCIA.NET<mailto:ngarcia at NGARCIA.NET>>
Reply-To: Nuno Garcia <ngarcia at NGARCIA.NET<mailto:ngarcia at NGARCIA.NET>>
Date: Sat, 23 Jul 2011 17:58:36 +0100
To: "NCSG-DISCUSS at LISTSERV.SYR.EDU<mailto:NCSG-DISCUSS at LISTSERV.SYR.EDU>" <NCSG-DISCUSS at LISTSERV.SYR.EDU<mailto:NCSG-DISCUSS at LISTSERV.SYR.EDU>>
Subject: Re: [NCSG-NCUC-DISCUSS] [ncsg-policy] Proposed NCUC Comments on the WHOIS Review Team Discussion Paper



All in all, requiring registrant information is a good principle, not because of good guys and bad guys, but promoting sound information in a database is a good principle. (we should avoid using terms such as good, bad, and so on). This is not a technical issue, it is an issue of principles.

KK: I fail to understand what makes providing information such a good principle that we should not filter the kind of information that is provided. I agree that this is an issue of principles, but being an issue of principles we should make sure we don't expose registrants to such a degree. It is an issue of legal principles here. Being in Europe, I still get impressed with how the WHOIS is legal and I am sure colleagues in Canada will feel the same way. So, there is the rule of law that we need to remember – and this rule of law acknowledges the right to 'be let alone'.

KK



On 23 July 2011 16:25, Milton L Mueller <mueller at syr.edu<mailto:mueller at syr.edu>> wrote:

If you register a domain name, you are becoming part of the network infrastructure - and that requires that you be contactable.
[Milton L Mueller]

This is a point that I have heard repeated endlessly by some people in the technical community. I don’t accept the logic here (indeed, I am not sure there is any logic). A domain name registration is not part of the “network infrastructure” by most scientific/economic definitions of “infrastructure.” DNS is an application. The infrastructure is the physical servers and lines that resolve domain names. Indeed, as you have pointed out in earlier messages, the DNS is not even required to maintain connectivity.

But so what if it is part of the “infrastructure”? Everything connected to the Internet (by this logic) could be considered a “part of the network infrastructure.” Including this PC or my mobile phone.

The idea that being connected to the internet, or having facilities connected to the internet, requires you to be “contactable” is not as simple as you make it out to be. Contactable by whom? Contactable when? Under what conditions?

When you say that contactability is “required” you are again using words and concepts in a very imprecise way. Required by whom? By what? What kind of a “requirement” is this? A legal one? No. A contractual one? Maybe - but that is precisely what we are debating, whether ICANN contracts should require it or be amended, so in effect you are just begging the question.

A lot depends on what we mean by “contactable.”

In some sense, no one believes that domain registrants should not be contactable. Let me repeat that, because it’s vitally important that anyone participating in this debate understand this. NO ONE WANTS TO INSULATE DOMAIN REGISTRANTS FROM ALL CONTACT. The issue is what method that contact takes and what conditions are attached to it, and who controls the type of contact.

You are advocating that unconditional, unrestricted contact, at all times, globally, for any and every purpose, including bad ones. Be brave and admit that.

Others are arguing for applying some conditions and restrictions to access; perhaps the same that apply to, e.g., drivers license information, telephone numbers, school records, and so on. Burden of proof is on you, I think, to explain why having a domain name creates such an enormous, unmoderated obligation, such that your name, address, email should be open to global, unrestricted access, while having a telecom access line or a telephone number does not impose the same requirement.

Perhaps it's that your domain name isn't resolvable from some part of the world - or has invalid signatures that cause web browsing to fail, is supplying poisoned cache records, or is supporting a DDOS attack.  Or your mail server is generating spam.  Whether you personally operate those servers, or contract someone else to do so for your domain - once you register a domain name, you are responsible for having them operate responsibly.  And "responsibly" isn't subjective - it's the subject of the RFCs and standards that make the nework function.  This is not religion, politics, morality or personal hygiene.  If you register a domain name and do not live up to your responsbilities, the privilege of having a domain name, like that of driving, can be revoked.  That doesn't prevent you from using the internet without one - or using postal mail or the telephone.
[Milton L Mueller]

I am afraid you are vastly overstating the value of having a Whois record that points to my name and email address. Having that record there does not guarantee that I will respond, does not guarantee that the info is accurate, and does not guarantee that you or anyone else will be able to fix any and every problem that happens. Furthermore, most of the contacting that takes place these days has nothing to do with the technical functioning of the domain – it has to do with what came to be known in earlier debates as “other purposes” – i.e., the desire of law enforcement and trademark lawyers to regulate conduct on the net. An exchange of whois data limited exclusively to registrars/registries and, after meeting a certain threshold, law enforcement, can meet most of those legitimate needs.


More information about the Ncuc-discuss mailing list